Chris Evans reports that AbiWord is vulnerable to multiple
stack-based buffer overflow vulnerabilities. This
is caused by improper checking of the user-supplied data
before it is being copied to an too small buffer. The
vulnerability is triggered when someone is importing RTF
files.

Secunia Research has discovered some vulnerabilities in Xpdf,
which can be exploited by malicious people to compromise a user's
system.

An array indexing error within the
"DCTStream::readProgressiveDataUnit()" method in xpdf/Stream.cc
can be exploited to corrupt memory via a specially crafted PDF
file.

An integer overflow error within the "DCTStream::reset()"
method in xpdf/Stream.cc can be exploited to cause a heap-based
buffer overflow via a specially crafted PDF file.

A boundary error within the "CCITTFaxStream::lookChar()" method
in xpdf/Stream.cc can be exploited to cause a heap-based buffer
overflow by tricking a user into opening a PDF file containing a
specially crafted "CCITTFaxDecode" filter.

Chris Evans reports that AbiWord is vulnerable to multiple
stack-based buffer overflow vulnerabilities. This
is caused by improper checking of the user-supplied data
before it is being copied to an too small buffer. The
vulnerability is triggered when someone is importing RTF
files.

A flaw has been found which can allow malicious code to take
advantage of an input validation failure in the Microsoft import
filter in Calligra and KOffice. Exploitation can allow the attacker
to gain control of the running process and execute code on its
behalf.

Secunia Research has discovered some vulnerabilities in Xpdf,
which can be exploited by malicious people to compromise a user's
system.

An array indexing error within the
"DCTStream::readProgressiveDataUnit()" method in xpdf/Stream.cc
can be exploited to corrupt memory via a specially crafted PDF
file.

An integer overflow error within the "DCTStream::reset()"
method in xpdf/Stream.cc can be exploited to cause a heap-based
buffer overflow via a specially crafted PDF file.

A boundary error within the "CCITTFaxStream::lookChar()" method
in xpdf/Stream.cc can be exploited to cause a heap-based buffer
overflow by tricking a user into opening a PDF file containing a
specially crafted "CCITTFaxDecode" filter.